Red Hat Security Advisory 2024-1069-03

Red Hat Security Advisory 2024-1069-03 - An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Red Hat Security Advisory 2024-1070-03

Red Hat Security Advisory 2024-1070-03 - An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

[webapps] Solar-Log 200 PM+ 3.6.0 Build 99 - 15.10.2019 - Stored XSS

Solar-Log 200 PM+ 3.6.0 Build 99 - 15.10.2019 - Stored XSS

[webapps] kk Star Ratings < 5.4.6 - Rating Tampering via Race Condition

kk Star Ratings

[webapps] Neontext Wordpress Plugin - Stored XSS

Neontext Wordpress Plugin - Stored XSS

Ubuntu Security Notice USN-6673-1

Ubuntu Security Notice 6673-1 - Hubert Kario discovered that python-cryptography incorrectly handled errors returned by the OpenSSL API when processing incorrect padding in RSA PKCS#1 v1.5. A remote attacker could possibly use this issue to expose confidential or sensitive information. It was discovered that python-cryptography incorrectly handled memory operations when processing mismatched PKCS#12 keys. A remote attacker could possibly use this issue to cause python-cryptography to crash, leading to a denial of service. This issue only affected Ubuntu 23.10.

Gentoo Linux Security Advisory 202403-03

Gentoo Linux Security Advisory 202403-3 - Multiple vulnerabilities have been discovered in UltraJSON, the worst of which could lead to key confusion and value overwriting. Versions greater than or equal to 5.4.0 are affected.

Gentoo Linux Security Advisory 202403-02

Gentoo Linux Security Advisory 202403-2 - Multiple vulnerabilities have been discovered in Blender, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 3.1.0 are affected.

Gentoo Linux Security Advisory 202403-01

Gentoo Linux Security Advisory 202403-1 - A vulnerability has been discovered in Tox which may lead to remote code execution. Versions greater than or equal to 0.2.13 are affected.

Ubuntu Security Notice USN-6672-1

Ubuntu Security Notice 6672-1 - Morgan Jones discovered that Node.js incorrectly handled certain inputs that leads to false positive errors during some cryptographic operations. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.10. It was discovered that Node.js incorrectly handled certain inputs leaded to a untrusted search path vulnerability. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform a privilege escalation.

Ubuntu Security Notice USN-6669-1

Ubuntu Security Notice 6669-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code.

Red Hat Security Advisory 2024-1063-03

Red Hat Security Advisory 2024-1063-03 - An update for edk2 is now available for Red Hat Enterprise Linux 8. Issues addressed include a buffer overflow vulnerability.

[remote] TitanNit Web Control 2.01 / Atemio 7600 - Root Remote Code Execution

TitanNit Web Control 2.01 / Atemio 7600 - Root Remote Code Execution

[remote] Simple Student Attendance System v1.0 - 'classid' Time Based Blind & Union Based SQL Injection

Simple Student Attendance System v1.0 - 'classid' Time Based Blind & Union Based SQL Injection

[webapps] Easywall 0.3.1 - Authenticated Remote Command Execution

Easywall 0.3.1 - Authenticated Remote Command Execution

[local] A-PDF All to MP3 Converter 2.0.0 - DEP Bypass via HeapCreate + HeapAlloc

A-PDF All to MP3 Converter 2.0.0 - DEP Bypass via HeapCreate + HeapAlloc

[remote] TPC-110W - Missing Authentication for Critical Function

TPC-110W - Missing Authentication for Critical Function

[remote] Simple Student Attendance System v1.0 - Time Based Blind SQL Injection

Simple Student Attendance System v1.0 - Time Based Blind SQL Injection

[remote] GL.iNet AR300M v4.3.7 Remote Code Execution - CVE-2023-46454 Exploit

GL.iNet AR300M v4.3.7 Remote Code Execution - CVE-2023-46454 Exploit

[remote] Petrol Pump Management Software v1.0 - 'Address' Stored Cross Site Scripting

Petrol Pump Management Software v1.0 - 'Address' Stored Cross Site Scripting

[local] Windows PowerShell - Event Log Bypass Single Quote Code Execution

Windows PowerShell - Event Log Bypass Single Quote Code Execution

[webapps] Magento ver. 2.4.6 - XSLT Server Side Injection

Magento ver. 2.4.6 - XSLT Server Side Injection

[remote] R Radio Network FM Transmitter 1.07 system.cgi - Password Disclosure

R Radio Network FM Transmitter 1.07 system.cgi - Password Disclosure

[remote] Maxima Max Pro Power - BLE Traffic Replay (Unauthenticated)

Maxima Max Pro Power - BLE Traffic Replay (Unauthenticated)

[remote] AC Repair and Services System v1.0 - Multiple SQL Injection

AC Repair and Services System v1.0 - Multiple SQL Injection

[remote] Enrollment System v1.0 - SQL Injection

Enrollment System v1.0 - SQL Injection

[remote] Real Estate Management System v1.0 - Remote Code Execution via File Upload

Real Estate Management System v1.0 - Remote Code Execution via File Upload

[remote] GL.iNet AR300M v4.3.7 Arbitrary File Read - CVE-2023-46455 Exploit

GL.iNet AR300M v4.3.7 Arbitrary File Read - CVE-2023-46455 Exploit

[remote] GL.iNet AR300M v3.216 Remote Code Execution - CVE-2023-46456 Exploit

GL.iNet AR300M v3.216 Remote Code Execution - CVE-2023-46456 Exploit

[remote] Petrol Pump Management Software v.1.0 - Stored Cross Site Scripting via SVG file

Petrol Pump Management Software v.1.0 - Stored Cross Site Scripting via SVG file

[remote] Petrol Pump Management Software v1.0 - Remote Code Execution via File Upload

Petrol Pump Management Software v1.0 - Remote Code Execution via File Upload

[remote] Petrol Pump Management Software v.1.0 - SQL Injection

Petrol Pump Management Software v.1.0 - SQL Injection

[webapps] Boss Mini 1.4.0 - local file inclusion

Boss Mini 1.4.0 - local file inclusion

JetStream Smart Switch - TL-SG2210P v5.0/ Improper Access Control / CVE-2023-43318

Posted by Shaikh Shahnawaz on Mar 02

[+] Credits: Shahnawaz Shaikh, Security Researcher at Cybergate Defense LLC
[+] twitter.com/_striv3r_

[Vendor]
Tp-Link (http://tp-link.com)

[Product]
JetStream Smart Switch - TL-SG2210P v5.0 Build 20211201

[Vulnerability Type]
Improper Access Control

[Affected Product Code Base]
JetStream Smart Switch - TL-SG2210P v5.0 Build 20211201

[Affected Component]
usermanagement, swtmactablecfg endpoints of webconsole

[CVE Reference]
CVE-2023-43318...

SEC Consult SA-20240226-0 :: Local Privilege Escalation via DLL Hijacking in Qognify VMS Client Viewer

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Mar 02

SEC Consult Vulnerability Lab Security Advisory < 20240226-0 >
=======================================================================
title: Local Privilege Escalation via DLL Hijacking
product: Qognify VMS Client Viewer
vulnerable version: >=7.1
fixed version: see solution
CVE number: CVE-2023-49114
impact: medium
homepage: https://www.qognify.com/...

XAMPP 5.6.40 - Error Based SQL Injection

Posted by Andrey Stoykov on Mar 02

# Exploit Title: XAMPP - Error Based SQL Injection
# Date: 02/2024
# Exploit Author: Andrey Stoykov
# Version: 5.6.40
# Tested on: Ubuntu 22.04
# Blog: http://msecureltd.blogspot.com

Steps to Reproduce:

1. Login to phpmyadmin
2. Visit Export > New Template > test > Create
3. Navigate to "Existing Templates"
4. Select template "test" and click "Update"
5. Trap HTTP POST request
6. Place single quote to...

Multiple XSS Issues in boidcmsv2.0.1

Posted by Andrey Stoykov on Mar 02

# Exploit Title: Multiple XSS Issues in boidcmsv2.0.1
# Date: 3/2024
# Exploit Author: Andrey Stoykov
# Version: 2.0.1
# Tested on: Ubuntu 22.04
# Blog: http://msecureltd.blogspot.com

XSS via SVG File Upload

Steps to Reproduce:

1. Login with admin user
2. Visit "Media" page
3. Upload xss.svg
4. Click "View" and XSS payload will execute

// xss.svg contents

<?xml version="1.0" standalone="no"?>...

BACKDOOR.WIN32.ARMAGEDDON.R / Hardcoded Cleartext Credentials

Posted by malvuln on Mar 02

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/68d135936512e88cc0704b90bb3839e0.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Armageddon.r
Vulnerability: Hardcoded Cleartext Credentials
Description: The malware listens on TCP port 5859 and requires
authentication. The password "KOrUPtIzEre" is stored in cleartext within
the PE file at...

Multilaser Router - Access Control Bypass through Cookie Manipulation - CVE-2023-38946

Posted by Vinícius Moraes on Mar 02

=====[Tempest Security Intelligence - Security Advisory -
CVE-2023-38946]=======

Access Control Bypass in Multilaser router's Web Management Interface

Author: Vinicius Moraes < vinicius.moraes.w () gmail com >

=====[Table of
Contents]========================================================

1. Overview
2. Detailed description
3. Other contexts & solutions
4. Acknowledgements
5. Timeline
6. References

=====[1....

Multilaser Router - Access Control Bypass through URL Manipulation - CVE-2023-38945

Posted by Vinícius Moraes on Mar 02

=====[Tempest Security Intelligence - Security Advisory -
CVE-2023-38945]=======

Access Control Bypass in Multilaser routers' Web Management Interface

Author: Vinicius Moraes < vinicius.moraes.w () gmail com >

=====[Table of
Contents]========================================================

1. Overview
2. Detailed description
3. Other contexts & solutions
4. Acknowledgements
5. Timeline
6. References

=====[1....

BACKDOOR.WIN32.AUTOSPY.10 / Unauthenticated Remote Command Execution

Posted by malvuln on Mar 02

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/b012704cad2bae6edbd23135394b9127.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.AutoSpy.10
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 1008. Third party adversaries
who can reach an infected host can issue various commands made available by...

Backdoor.Win32.Jeemp.c / Cleartext Hardcoded Credentials

Posted by malvuln on Mar 02

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/d6b192a4027c7d635499133ca6ce067f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Jeemp.c
Vulnerability: Cleartext Hardcoded Credentials
Description: The malware listens on three TCP ports which are randomized
e.g. 9719,7562,8687,8948,7376,8396 so forth. There is an ESMTP server
component...

Multilaser Router - Access Control Bypass through Header Manipulation - CVE-2023-38944

Posted by Vinícius Moraes on Mar 02

=====[Tempest Security Intelligence - Security Advisory -
CVE-2023-38944]=======

Access Control Bypass in Multilaser routers' Web Management Interface

Author: Vinicius Moraes < vinicius.moraes.w () gmail com >

=====[Table of
Contents]========================================================

1. Overview
2. Detailed description
3. Other contexts & solutions
4. Acknowledgements
5. Timeline
6. References

=====[1....

BACKDOOR.WIN32.AGENT.AMT / Authentication Bypass

Posted by malvuln on Mar 02

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/2a442d3da88f721a786ff33179c664b7.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Agent.amt
Vulnerability: Authentication Bypass
Description: The malware can run an FTP server which listens on TCP port
2121. Third-party attackers who can reach infected systems can logon using
any username/password...

Ubuntu Security Notice USN-6671-1

Ubuntu Security Notice 6671-1 - It was discovered that php-nyholm-psr7 incorrectly parsed HTTP headers. A remote attacker could possibly use this issue to perform an HTTP header injection attack.

Ubuntu Security Notice USN-6670-1

Ubuntu Security Notice 6670-1 - It was discovered that php-guzzlehttp-psr7 incorrectly parsed HTTP headers. A remote attacker could possibly use these issues to perform an HTTP header injection attack.

Ubuntu Security Notice USN-6653-3

Ubuntu Security Notice 6653-3 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-6647-2

Ubuntu Security Notice 6647-2 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the Rose X.25 protocol implementation in the Linux kernel, leading to a use-after- free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-6651-3

Ubuntu Security Notice 6651-3 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Red Hat Security Advisory 2024-1062-03

Red Hat Security Advisory 2024-1062-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-1061-03

Red Hat Security Advisory 2024-1061-03 - An update is now available for Red Hat Satellite 6.13 for RHEL 8. Issues addressed include memory leak and server-side request forgery vulnerabilities.

Red Hat Security Advisory 2024-1057-03

Red Hat Security Advisory 2024-1057-03 - An update is now available for Red Hat Ansible Automation Platform 2.4. Issues addressed include crlf injection and denial of service vulnerabilities.

Red Hat Security Advisory 2024-1041-03

Red Hat Security Advisory 2024-1041-03 - An update for go-toolset-1.19-golang is now available for Red Hat Developer Tools. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-1055-03

Red Hat Security Advisory 2024-1055-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a privilege escalation vulnerability.

Red Hat Security Advisory 2024-1059-03

Red Hat Security Advisory 2024-1059-03 - An update for python-pillow is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2024-1060-03

Red Hat Security Advisory 2024-1060-03 - An update for python-pillow is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2024-1058-03

Red Hat Security Advisory 2024-1058-03 - An update for python-pillow is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a code execution vulnerability.

Debian Security Advisory 5634-1

Debian Linux Security Advisory 5634-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Ubuntu Security Notice USN-6653-2

Ubuntu Security Notice 6653-2 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-6651-2

Ubuntu Security Notice 6651-2 - It was discovered that a race condition existed in the ATM subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the AppleTalk networking subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.